Secure the Windows 7 Administrator Account

Although it doesn’t show up in the list of available accounts when Windows 7 boots up, every installation of Microsoft’s newest operating system by default has an administrator account built in.

Unfortunately, this administrator account can be a major security risk for users of Windows 7 Home Premium, Professional, and Ultimate editions. Learn how to take control and secure the administrator account in Windows 7.

An Administrator Account vs. The Administrator Account

If you are a casual user of Windows 7, you may not know that there is a difference between being an administrator and being the administrator. It is possible to set up any user in Windows 7 to be an administrator but there is an administrator account that Windows sets up automatically when it is first installed.

There are two problems with this feature of the operating system. First, by default, the administrator account does not show up in the list of available accounts when Windows 7 boots up. This is why so many people do not know that the account even exists.

Second, there is no password set for the administrator account. These two issues combine to create a moderate to major security risk depending on how you use Windows. Read on learn how to activate the administrator account and password protect it to make your computer more secure.

Activating the Administrator Account in Windows 7

Although there are several ways to activate the administrator account with clicks of the mouse, here is an alternative method often used by IT professionals who are familiar with the net framework command prompt method of administration.

Begin by clicking on Start>All Programs>Accessories and then right-click on Command Prompt. Choose Run as Administrator from the menu that pops up.

Run the Command Prompt as an Administrator

When the command prompt opens, type the following line:

net users administrator /active:yes

Make the Administrator Account Active

Press Enter and Windows should then tell you below the command you just typed that The Command Completed Successfully.

Secure the Administrator Account

Log off the current account and notice that the administrator account is now available in the list of accounts in Windows 7. Click on the administrator account. Now we need to password protect it.

Click on Start>Control Panel>User Accounts. Then, click on User Accounts and Family Safety and then Change Your Windows Password. Don’t worry that your administrator account doesn’t yet have a password. You just have to click on this link to create one even though you haven’t specified one yet.

Click on Create a Password for Your Account. This is where you create your password and verify by typing it again.

Create an Administrator Password

Be very careful that you don’t have Caps Lock on or you may type a password you didn’t intend to use. Also, since this account will not be used often consider storing this password some place safe so it is available if you need it. When finished, click on the Create Password button and log out of this account.

Deactivate the Administrator Account

Since there is really no reason to have the administrator account show up in the list of available accounts when Windows boots up, it is good practice to deactivate the account.

Log back into any other administrator account and open up the Command Prompt just as you did above. Now type the following line:

net users administrator /active:no

Notice that this is the same command you typed before expect now the last word is “no” instead of “yes.” Once again, you should get the message that The Command Completed Successfully. Log off this account and notice that the administrator account is no longer listed.


Microsoft’s handling of the administrator account in Windows 7 may seem strange but it learned its lesson from previous releases of Windows. Some users of the operating system were accidently deleting all of the administrator accounts.

Since you need an administrator account to create an administrator account, some people lost all of their data. Although there are some methods to repairing a Windows installation with no administrator account, Microsoft probably thought it would be easier to create an admin account, deactivate it, and not force the user to create a password for it.

Comments [7]

  1. at the login screen is it not also possible to just to a ctrl+alt+delete twice to get to the user login screen like it is in xp.

    where you type in the name instead of selecting it.

    and you can just type in administrator.

    or does this not work since the administrator account is not active?

  2. Need to whether is there any privilge differences when user is having administrator account and another account with administrator privilege?

    bcoz in win7 32 bit pc, some application able to install properly (other account having adminstrator privilege)but not able to launch the application, but when adminstrator user is log, the same application is able to launch properly

  3. "there is really no reason to have the administrator account show up in the list of available accounts when Windows boots up"

    It's a joke, right?

    I have run into so many problems with all this privileges, and permissions and all that, that I am seriously considering using only THE administrator account as my main account. Sometimes I can't even open a simple rar archive being AN administrator.

    Do we really need all this?

    It wasn't a problem in XP to be the administrator, why should be it a problem now? I NEVER had any security issues for being the administrator. Why is that Microsoft believes we are a bunch of idiots? I want to be in control of the OS not the other way around.

  4. Hey Aof Dark,

    I agree that Microsoft maybe didn't do the best job with their admin accounts. Actually there is a very valid reason for NOT giving a user full admin rights on the PC. In recent years, the use of the internet has exploded and in that explosion, there is a bit of "bad stuff". If you are on a website and click on a banner ad that YOU think just contains info on something but in reality, it downloads "bad" software to your PC, this is where your account type comes in very handy. If you are logged in with an acct with full admin rights and you have uac disabled, software could be installed and you might not even realize it.

    Even on XP, I always set user accounts to the limited account and leave the uac enabled on Vista. Of course, this depends on how knowledgeable your user is but if they can't install software from their acct they normally use, that makes using a internet connected PC much safer.

    There's tons of articles on this and lots of ways to customize your PC. I think any user interested in keeping the PC as safe as possible should read up on what is available to them and modify their accounts accordingly. This is the ultimate in being in control of your OS as you have dictated to the OS what it can and can not do.

  5. @rmoore: "In recent years, the use of the internet has exploded and in that explosion, there is a bit of “bad stuff”. If you are on a website and click on a banner ad that YOU think just contains info on something but in reality, it downloads “bad” software to your PC…"

    Do you say that based on what you have heard or your experience? I have never visited a site that downloads software to my PC without my knowledge. From my experience, I know what I can click, and what not, and that in dialogs I should say "no" most of the time. And I have been in very "bad" sites.

    I have been using computers since the Atari 800XL. In my 25+ years of experience using computers I have seen a ton of viruses, but never, and I mean NEVER, have got my computer infected by a worm/virus/script/etc. I really think it's a matter of common sense. A virus has no means of installing by itself. You have to help it. I don't.

    I really think this whole concept of "security" is nothing more than a fear campaign. I absolutely understand that some users click everything and can get infected easily, so I can understand that the OS takes more care of them, but the OS should also give the power users the ability to do whatever they want without things that have happened to me lately like "can´t access XXXXXX file", or "you need to give administrator permission". It's really a PITA.

  6. Hey Aof Dark,

    My statements are based on the many PCs that have viruses/trojans/malware on them that I have had to clean over the years. Some much easier than others. Many owned by teenagers but not all. If you've never had a virus or malware in 25 years, that's awesome. I haven't met any other person that could make that claim but it sounds like you should keep doing what you're doing cause it sounds like its working for you.

    And there is tons of malware that is capable of being embedded into otherwise legitimate looking executables. People get them all the time without knowing. The best part though is that several years ago, the guys that write these type of programs started putting timers into them so they don't cause any problems on your PC…….at first. A month or so later, they kick it making it much more difficult to figure out the source that infected your PC.

    I couldn't tell you how many times (but its a bunch!) a person will tell me their PC is acting strangely but they don't have a virus problem. I scan the PC and find 4-5 items major problems and 20-30 more minor problems and after repair, all is working fine again. They always ask me the same question "how could that be? I've never downloaded a virus". What they really mean is that they have never downloaded a virus they were aware of…….

    So keep on keeping on but these reasons and more is part of the reason Microsoft is adding these features to the OS.

Leave a Reply

Your email address will not be published. Required fields are marked *